Local Code Execution Vulnerability in Linux Kernel

Systems Affected
• Linux Kernel prior to 3.15.2

Threat Level

Medium

Overview

Vulnerability has been reported in Linux Kernel which could be exploited by a local attacker to execute arbitrary code on the system.

Description

The vulnerability exists due to use-after-free error in the "sound/core/control.c" in the ALSA (Advanced Linux Sound Architecture) control implementation. A local attacker could exploit this vulnerability to execute arbitrary code on the system.

Successful exploitation of this vulnerability could allow an attacker to cause Denial of service(DoS) or obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Impact

Solution/ Workarounds

Apply appropriate patch as mentioned in the following link
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=fd9f26e4eca5d08a27d12c0933fceef76ed9663d

References

http://www.cert-in.org.in/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.